Ard Biesheuvel

2 exploits Active since May 2013

CVE-2013-3735 WRITEUP HIGH WRITEUP

Php < 5.4.15 - Improper Input Validation

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.

CVSS 7.5

View Code

CVE-2017-8065 WRITEUP HIGH WRITEUP

Linux Kernel - Memory Corruption

crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

CVSS 7.8

View Code